The top-level object type is called `VSpaceObject` in C, so we use the
same name here. The top-level cap is `VSpaceCap` in C, but since we
want to keep it as a flag in the PT Cap in the specs, we call the flag
`capPTisVSpace` for consistency.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Haskell translator import statements in skeleton files can get very
long, and keeping them as one line is rather inconvenient. This change
allows a backslash (`\`) at end-of-line to indicate line continuation.
Note: the `\` acts like in shells, i.e. it must be exactly at EOL.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Conv.params_conv changes the context, and the inner conversion that
it runs needs to work on that inner context, otherwise information
is lost about which of the Free variables are former Bound.
Isabelle2021-1 has more thorough checking and fails when the wrong
context is provided.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
After these changes AutoCorres type checks and compiles, and the proofs
work, but for most test cases we still get runtime exceptions.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
These currently work with an empty prefix as well, but using the name of
the theory file containing the respective install_C_file is more stable.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Add and carry around a `pfx` parameter indicating the prefix under which
constants should be found. Without this prefix, items such as
enumeration constant names are guessed at from unqualified names. If the
unqualified name is hidden for some reason, or clobbered with another
name, the wrong constant gets used and leads to exciting errors.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
The setup for L4V_ARCH=AARCH64 is identical to RISCV64, i.e. same word
length, encoding, and endianness. The setup includes the standalone
parser used for compile and preprocess checks in the seL4 repo.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Apparently, we still did releases with python2 in the past. This commit
updates the script to work cleanly with python3 and with both Linux
and Darwin.
For the latter, untarring and executing a downloaded tarball is not
easily supported on MacOS, so instead of the tarball, we take a path to
the already unpacked Isabelle release.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Makes the release script more portable between BSD (MacOS etc) and
Linux. Assumes a `brew` install on MacOS instead of the older macports.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Standard bash on MacOS is very old; invoking it via /usr/bin/env allows
the user to put a newer version in the PATH.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
typ_name of word types was not simplifying fully, because a shorter
simp rule is taking precedence over the shortcut rules. The added
rules make the system confluent again.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Word_Lib was included multiple times in the graph, leading to name
shadowing. This commit makes Addr_Type the single point of entry.
Includes some cleanup/warning reductions.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
This includes a tweak to Word_Lib to simplify ucast(-1) which
is now a term that occurs more often.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Loading the FunctionaRecordUpdate file in Isabelle is slow.
This change expands the fN family of functions, which fixes the problem.
Signed-off-by: vjackson725 <v.jackson@unsw.edu.au>
Prior to rendering an expression to SIMPL, the C parser extracts
function calls from the expression and reinserts them as new statements
placed just before the statement containing the expression. The result
of each such function call is assigned to a temporary variable which
takes the place of the function call in the original expression.
Prior to this commit, the C parser would not always generate fresh
temporary variable names when multiple temporaries were needed. In
particular, when the left-hand side of an assignment contained a
function call returning the same type as a function call in the
right-hand side expression, the extracted function calls would be
assigned to the *same* temporary variable.
This commit addresses the issue by carrying name generation state across
all expressions in each statement. It implements a state monad as an
abstract data type for this purpose.
Fixes https://sel4.atlassian.net/browse/VER-1389.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
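As an added example of the extraction described above (written here in Python to illustrate the idea; it is not the l4v C parser's SML code, and the `tmp__<type>__<n>` naming and the tiny expression types are constructed for the example), the block hoists function calls out of an expression into preceding temporary assignments. Name generation is written in state-monad style: `fresh` returns the new name together with the updated state, and `hoist` threads that state through every sub-expression. `lower_assignment(..., thread_state=False)` reproduces the pre-fix behaviour, where each side of an assignment starts from an empty state and two same-typed calls collide on one temporary.

```python
"""Hoisting calls out of expressions with fresh temporaries (added example).

The state is an immutable mapping from C type name to the number of
temporaries already handed out for that type.  `fresh` never mutates it;
it returns (name, new_state), which is what threading a state monad through
the statement amounts to.
"""
from dataclasses import dataclass, field


@dataclass
class Var:
    name: str


@dataclass
class Deref:
    inner: object


@dataclass
class Call:
    name: str
    typ: str                      # C result type, used to choose the temporary
    args: list = field(default_factory=list)


@dataclass
class Assign:
    lhs: object
    rhs: object


def fresh(state: dict, typ: str):
    """Return a temporary name unused so far in this statement plus new state."""
    n = state.get(typ, 0) + 1
    return f"tmp__{typ}__{n}", {**state, typ: n}


def hoist(expr, state: dict):
    """Post-order extraction of calls from `expr`.

    Returns (rewritten expression, list of (temp, Call) pre-statements,
    new state).  Arguments are hoisted before the call that uses them, so
    nested calls come out in evaluation order.
    """
    if isinstance(expr, Call):
        pre, args = [], []
        for a in expr.args:
            a2, p, state = hoist(a, state)
            pre += p
            args.append(a2)
        tmp, state = fresh(state, expr.typ)
        pre.append((tmp, Call(expr.name, expr.typ, args)))
        return Var(tmp), pre, state
    if isinstance(expr, Deref):
        inner, pre, state = hoist(expr.inner, state)
        return Deref(inner), pre, state
    return expr, [], state


def render(e) -> str:
    if isinstance(e, Var):
        return e.name
    if isinstance(e, Deref):
        return "*" + render(e.inner)
    return f"{e.name}({', '.join(render(a) for a in e.args)})"


def lower_assignment(stmt: Assign, thread_state: bool = True) -> list[str]:
    """Lower `lhs = rhs` to pre-statements followed by the rewritten assignment.

    thread_state=False models the old behaviour: the right-hand side starts
    again from an empty state, so a call of the same type on each side gets
    the *same* temporary and the assignment is silently wrong.
    """
    state: dict = {}
    lhs, pre_l, state = hoist(stmt.lhs, state)
    if not thread_state:
        state = {}
    rhs, pre_r, state = hoist(stmt.rhs, state)
    lines = [f"{t} = {render(c)};" for t, c in pre_l + pre_r]
    lines.append(f"{render(lhs)} = {render(rhs)};")
    return lines


# Constructed statement `*p_of(i) = *q_of(j);` where both calls return int*.
STMT = Assign(Deref(Call("p_of", "int_ptr", [Var("i")])),
              Deref(Call("q_of", "int_ptr", [Var("j")])))

if __name__ == "__main__":
    print("fixed:  ", lower_assignment(STMT))
    print("pre-fix:", lower_assignment(STMT, thread_state=False))
```

With the state threaded, the two pointer-returning calls land in distinct temporaries; without it, both are assigned to `tmp__int_ptr__1` and the final statement degenerates to `*tmp__int_ptr__1 = *tmp__int_ptr__1;`.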
The AutoCorres quickstart document includes code from `*.c` files from a
given line number, to avoid including license headers and other details
that aren't useful in the document. This updates the line numbers for
the current license headers.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
The links to nicta.com.au have stopped working, so the publication links
now point to the TS publication pages.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
This commit adds support for inline assembly whose `lhs` updates a
global variable (such as the heap).
Prior to this commit, the modifies prover assumed that the `lhs` update
of an `asm_spec` only updated local variables. Specifically, the use of
`asm_store_eq_helper[OF globals.surjective globals.surjective]` as a
rewrite rule assumes that `globals (lhs v s)` simplifies to `globals s`,
exposing the `asm_store` inside `s` to the rewrite rule.
This commit avoids the assumption by using `globals.equality` as an
introduction rule. This produces more subgoals, but the subgoals are
relatively simple, so the performance is essentially unchanged.
This also slightly refactors `modifies_tactic`:
- `asm_spec` is handled without the `vcg`, using a new rule
`asm_spec_preserves`. This avoids having to deal with
`asm_spec_enabled` separately in `modifies_tactic`.
- `seq_all_new`, which chains `THEN_ALL_NEW`, avoids the need to
repeatedly use `ALLGOALS`.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>